Tahvo USB Memory Leak Fix

MEDIUM (5.5)
cwe-401kernellinuxmemory-leakusbvulnerability

Threat Intelligence

Medium Risk - Detectable
EPSS Score: 0.02% chance of exploitation (percentile: 4%)
🔍 Detection Tools: OSV.dev
⚔️ Exploit Availability: No public exploits found

How we test →

What is it?

The Linux kernel's tahvo_usb_probe() function is vulnerable to a memory leak when handling errors. This can lead to resource exhaustion and potential system crashes if left unaddressed.

Am I affected?

Affected versions: 0

Affected Products

Linux Foundation / Linux Kernel

How to fix

To fix this vulnerability:

  1. Update your Linux kernel version to 5.19 or later.
  2. Enable the CONFIG_USB_TAHVO module option in your kernel configuration (e.g., /boot/config-5.19-x86_64). You can do this by editing the kernel configuration file and adding the line CONFIG_USB_TAHVO=y.
  3. If you cannot update immediately, consider using a temporary workaround: add error handling to the tahvo_usb_probe() function.

References